[sillysaurusx]

At first glance, this seems like one of the more interesting projects to come out of Facebook AI. Justification: In the future, AI models will increasingly become interwoven with tech. It's not going to be so much "AI programming" as just "programming".

That raises an interesting question – one that has bothered me for a long time: Who owns copyright on training data?

As we saw with Clearview AI, a lot of data is being used without consent or even knowledge of the creators. And it's extremely hard to detect this usage, let alone enforce rights on it.

I might be misunderstanding this work, but it seems like this would give you the ability to mark your digital data in such a way that you could prove it was later used in a model.

Unfortunately, it's not that simple. You don't have access to the models (normally). And I'm betting that this work is somehow domain-specific, meaning you can't really come up with a generalized marker to imprint on all your data.

But this implies you might be able to mark your data with many such markers, in hopes that one of them will later be triggered:

We also designed the radioactive data method so that it is extremely difficult to detect whether a data set is radioactive and to remove the marks from the trained model.

The flipside is interesting, too: This might give companies yet another way of tracking users. Now you can check whether a given user was in your model's actual training set, and if not, fine-tune the model on the fly.

Looking forward to seeing what comes of this.

[SkyBelow]

Is there any particular reason to think this won't become another cat and mouse escalation as training algorithms have built in protection against this (and other related training set manipulations, especially the poisoning one the article talked about)? That isn't to say it is useless, as most cat and mouse escalations prove to be quite useful as long as the mouse stays a little ahead of the cat.

In this case, wouldn't such a marker be able to be detected by looking at images of the same class and seeing if there are any common perturbation across them, adjusting the images by the common perturbation , and then training the neural network? Even if there isn't such a common perturbation across them, adjusting them by the false flag common perturbation generated shouldn't be any more destructive than this method would be.

If there was a way to make it dependent upon the initial image and the class, that would be much harder to detect, but would such a method be possible to detect since all images within a class would not have the common perturbation?

[gambler]

>Who owns copyright on training data?

Megacorps. Regardless of what the data is, who produced that data or when.